Patch Tuesday March 2021 Edition…Exchange Exploits Escalate

By Randy Becker, CISO & VP, Network and Security Consulting

As if the SolarWinds fiasco and the massive global on-premises Exchange Servers attack weren’t bad enough, here comes Microsoft Patch Tuesday for March 2021.

Microsoft Patch Tuesday announces 82 vulnerabilities, with 10 plus classified as critical, 1 zero-day exploit, and 72 as important. These have all been fixed in this month’s update courtesy of Microsoft. Of special note, these numbers do not include the 7 Microsoft Exchange and 33 Chromium Edge vulnerabilities already released.


If you have an on-premises Exchange Server, you must apply the updates from Microsoft immediately. You can find the installation instructions here. The Exchange Server team has also created a script to run a check for HAFNIUM IOCs. That script is available here.

Estimates of 30,000+ victims in the U.S. alone

While the Microsoft Security Response Center (MSRC) website has a thorough update guide on the 82 new vulnerabilities, the bigger problem right now is the alarming number of Microsoft on-premises Exchange Servers being compromised with “Web Shell” scripts. Once installed, a web shell provides a backdoor that gives threat actors full access to the impacted systems, remote control, the ability to read email, and the ability to move laterally within an environment, with the potential to exploit other systems. There are estimates that this might exceed 30,000 victims in the U.S. and potentially hundreds of thousands worldwide.

What can you do right now to protect your organization?

So, what comes next? This is a very good question.

While we can only speculate, here are some thoughts based on previous experience. Security consulting organizations such as GreenPages have notified and assisted customers with getting Exchange Servers patched and determining if any systems have been compromised. I do, however, expect more ransomware, cyberespionage, and data exfiltration events to occur similar to what we have seen over the last year.


Simply put, the drumbeat is constant and the threats are real and dangerous; this is no time to be complacent. As we continue to field calls from organizations looking for assistance, it’s clear that even the smartest security teams need help to remain vigilant.

If you would like strategic direction to strengthen your security stance, reach out to your GreenPages Account Executive who can connect you with a Security Engineer or reach out to us!

Randy Becker

VP and Principal Security Architect

At Blue Mantis, Randy is responsible for the leadership of the offensive security team. Randy provides leadership for the cyber security practice and advises our customers on how to better protect their assets while reducing risk. He has strong expertise in offensive security, cyber security and risk management; cloud security, security consulting, operations, and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy’s security certifications include OSEP, OSCP, CISSP, and CCNP.

Working closely with clients, he regularly designs and implements security solutions that enable organizations to effectively shrink their attack surface in an increasingly dangerous, dynamic cyber security landscape. In addition to preemptive maneuvers, he also develops cyber security strategies to help clients contain, combat, and remediate threats where they appear – while ensuring that both industry-specific and federal compliance mandates are met.